Age | Commit message (Collapse) | Author |
|
|
|
years ago, and everyone should have upgraded through a version that
applied these checks by now. The ssh-vulnkey tool and the blacklisting
support in sshd are still here, at least for the moment.
* This removes the last of our uses of debconf (closes: #221531).
|
|
(three releases before current stable).
|
|
|
|
bug in /etc/init.d/ssh. If anyone has ignored this for >10 years then
they aren't going to be convinced now.
|
|
are no longer particularly feasible anyway (closes: #420682).
|
|
|
|
|
|
- Remove support for building with GNOME 1. This allows simplification
of our GNOME build-dependencies (see #460136).
- Remove hacks to support the old PAM configuration scheme.
- Remove compatibility for building without po-debconf.
* Build-depend on libgtk2.0-dev rather than libgnomeui-dev. As far as I
can see, the GTK2 version of ssh-askpass-gnome has never required
libgnomeui-dev.
|
|
debian/openssh-server.templates.master; apparently it confuses some
versions of debconf.
|
|
|
|
|
|
|
|
|
|
|
|
- Update French (thanks, Denis Barbier; closes: #368503).
|
|
templates to make boolean short descriptions end with a question mark
and to avoid use of the first person.
|
|
to "yes" in /etc/ssh/ssh_config), having a debconf question to ask whether
it should be setuid is overkill, and the question text had got out of date
anyway. Remove this question, ship ssh-keysign setuid in
openssh-client.deb, and set a statoverride if the debconf question was
previously set to false.
|
|
has not been the default since openssh 1:3.0.1p1-1. Users who need this
should edit sshd_config instead (closes: #147212).
|
|
configuration files to match (closes: #87900, #151321).
|
|
|
|
* Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754).
* Shorten the version string from the form "OpenSSH_3.8.1p1 Debian
1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
implementations apparently have problems with the long version string.
This is of course a bug in those implementations, but since the extent
of the problem is unknown it's best to play safe (closes: #275731).
* debconf template translations:
- Add Finnish (thanks, Matti Pöllä; closes: #265339).
- Update Danish (thanks, Morten Brix Pedersen; closes: #275895).
- Update French (thanks, Denis Barbier; closes: #276703).
- Update Japanese (thanks, Kenshi Muto; closes: #277438).
|
|
|
|
#276703).
|
|
* If PasswordAuthentication is disabled, then offer to disable
ChallengeResponseAuthentication too. The current PAM code will attempt
password-style authentication if ChallengeResponseAuthentication is
enabled (closes: #250369).
* This will ask a question of anyone who installed fresh with 1:3.8p1-2 or
later and then upgraded. Sorry about that ... for this reason, the
default answer is to leave ChallengeResponseAuthentication enabled.
|
|
PasswordAuthentication has been turned off for new installs since
1:3.8p1-2.
|
|
ChallengeResponseAuthentication too. The current PAM code will attempt
password-style authentication if ChallengeResponseAuthentication is enabled
(closes: #250369).
|
|
(closes: #39741). openssh-server depends on openssh-client for some
common functionality; it didn't seem worth creating yet another package
for this.
* New transitional ssh package, depending on openssh-client and
openssh-server. May be removed once nothing depends on it.
* When upgrading from ssh to openssh-{client,server}, it's very difficult
for the maintainer scripts to find out what version we're upgrading from
without dodgy dpkg hackery. I've therefore taken the opportunity to move
a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged
and ssh/user_environment_tell.
* In general, upgrading to this version directly from woody without first
upgrading to the version in sarge is not currently guaranteed to work
very smoothly due to the aforementioned version discovery problems.
|
|
both debconf questions related to them and simply set it unconditionally in
newly generated sshd_config files (closes: #228838).
|
|
|
|
|
|
|
|
|
|
|